Closed Bronek closed 6 years ago
@Bronek thanks for catching this. The only place ATTR_XVATTR
is used is with the va_mask
which is unsigned so it's safe to cast this. Can you verify that the tweak you suggested and changing the va_mask
type does resolve the bogus warnings.
diff --git a/include/sys/vnode.h b/include/sys/vnode.h
index 9ae48c7..9eb91e5 100644
--- a/include/sys/vnode.h
+++ b/include/sys/vnode.h
@@ -87,7 +87,7 @@
#define AT_MTIME ATTR_MTIME
#define AT_CTIME ATTR_CTIME
-#define ATTR_XVATTR (1 << 31)
+#define ATTR_XVATTR (1U << 31)
#define AT_XVATTR ATTR_XVATTR
#define ATTR_IATTR_MASK (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_SIZE | \
@@ -121,7 +121,7 @@ typedef enum vtype {
typedef struct vattr {
enum vtype va_type; /* vnode type */
- u_int va_mask; /* attribute bit-mask */
+ uint32_t va_mask; /* attribute bit-mask */
u_short va_mode; /* acc mode */
uid_t va_uid; /* owner uid */
gid_t va_gid; /* owner gid */
@behlendorf Thank you, this works (just tested)
@behlendorf Your fix looks good to me.
This fix was merged.
@tonyhutter could we possibly get this in 0.7.12, if one gets cut? I'm trying to help someone debug problems and it causes a lot of UBSAN noise.
I've added this issue to the 0.7.12 project so we can track it for possible inclusion.
The definition of ATTR_XVATTR in vnode.h is technically incorrect
1 << 31
because it invokes overflow, which is undefined behaviour for signed int. It should be replaced with1u << 31
. However this may in turn force conversions tounsigned int
in locations were ATTR_XVATTR is used.This problem has caused following "bogus" UBSAN reports on my test system: